<?php
/**
 * Author Yulin
 * Email  dwzhanglong@126.com
 * Date   2017-7-21
 * Func   密码管理
 */
defined('IN_YuLin') || exit('NO PERMIT!');

UserLogin(U($m.'/'.$c.'/'.$a));

$table  = Table('user');
$qtable = Table('user_password_question');
$page   = '';
if(IS_POST){
    switch ($a){
        case 'pay':
            $oldpassword = trim($_POST['oldpassword']);
            $newpassword = trim($_POST['newpassword']);
            $newpassword2= trim($_POST['newpassword2']);
            
            //	未设置取款密码则为登陆密码
            if($_user['paypassword'])
            {
                strlen($oldpassword) < 4 && AjaxReturn(1,'当前取款密码不正确');
                $password = Password($oldpassword);
                ($_user['paypassword'] != $password) && AjaxReturn(1,'当前取款密码不正确');
            }
            
            ((strlen($newpassword) < 4) || (strlen($newpassword) > 6)) && AjaxReturn(1,'新取款密码为4-6位');
            ($newpassword != $newpassword2) && AjaxReturn(1,'确认取款密码不正确');
            
            $password = Password($newpassword);
            $db->exec('UPDATE '.$table.' SET paypassword = \''.$password.'\' WHERE id = '.$_uid);
            
            AjaxReturn(0,'修改取款密码成功');
            break;
        case 'checksafepwd':
            // 验证安全密码
            $inputSafe    = $_POST['safepwd'];
            $checkSafeSql = 'SELECT id FROM ' . $table . ' WHERE id = ' . $_uid . ' AND safepwd = "' . addslashes($inputSafe) . '"';
            $flag         = $db->getrow($checkSafeSql);
            if (!$flag['id']){
                // 验证不通过
                AjaxReturn(1,'安全密码验证失败！');
            }
            // 验证通过后，展示修改密码界面
            $page = 'member/securityRePwd';
            break;
        case 'resetpassword':
            $oldpassword = trim($_POST['oldpassword']);
            $newpassword = trim($_POST['newpassword']);
            $newpassword2= trim($_POST['newpassword2']);
            $page        = 'member/securityRePwdSta';
            $flag        = true;
            if (strlen($oldpassword) < 6){
                $msg     = '当前登陆密码不正确';
                $flag    = false;
                break;
            }
            $password = Password($oldpassword);
            if ($_user['password'] != $password){
                $msg     = '当前登陆密码不正确';
                $flag    = false;
                break;
            }
            if ((strlen($newpassword) < 6) || (strlen($newpassword) > 20)){
                $msg     = '新登陆密码为6-20位';
                $flag    = false;
                break;
            }
            if ($newpassword != $newpassword2){
                $msg     = '确认登陆密码不正确';
                $flag    = false;
                break;
            }
            $password = Password($newpassword);
            $db->exec('UPDATE '.$table.' SET password = \''.$password.'\' WHERE id = '.$_uid);
            $msg     = '修改密码成功';
            break;
        default:
//             $oldpassword = trim($_POST['oldpassword']);
//             $newpassword = trim($_POST['newpassword']);
//             $newpassword2= trim($_POST['newpassword2']);
//             strlen($oldpassword) < 6 && AjaxReturn(1,'当前登陆密码不正确');
//             $password = Password($oldpassword);
//             ($_user['password'] != $password) && AjaxReturn(1,'当前登陆密码不正确');
//             ((strlen($newpassword) < 6) || (strlen($newpassword) > 20)) && AjaxReturn(1,'新登陆密码为6-20位');
//             ($newpassword != $newpassword2) && AjaxReturn(1,'确认登陆密码不正确');
//             $password = Password($newpassword);
//             $db->exec('UPDATE '.$table.' SET password = \''.$password.'\' WHERE id = '.$_uid);
//             AjaxReturn(0,'修改密码成功');
            break;
    }
    $tpl->display($page);
}

//	密保问题
$passwordquestion = $db->getrow('SELECT * FROM '.$qtable.' WHERE uid = '.$_uid);

$head['title'] = '密码管理';

// $tpl->display('member/password');
$tpl->display('member/securityRePwd');